wannacry | 8abe1f759d1a638ef942f3e9f13d3f8e9e510b7fc85577bf14744bb9b7cf6a7e | Triage

Sharing

General

Target

8abe1f759d1a638ef942f3e9f13d3f8e9e510b7fc85577bf14744bb9b7cf6a7e.exe
Size

3.6MB
Sample

250113-wacaja1mhy
MD5

35ed1f40991411ba4813bbe5e7ce9e5e
SHA1

5e9bb5d2c76af1a1770c8f9c92b9b183c8318278
SHA256

8abe1f759d1a638ef942f3e9f13d3f8e9e510b7fc85577bf14744bb9b7cf6a7e
SHA512

2f60ff97a76ba1fb45bec3333deed7e3244697dbe75c9ddca4f6e6702f63cc8d16e5f9901bf0dd3fb7ece554dcf0632109a6e726a9d858c9b3d4be4007dc2f35
SSDEEP

49152:2nAQqMSPbcBVQej1NRx+TSqTdX1HkQo6SAARdhnvxJM0H9PAMEcaEau3l:yDqPoBhzRxcSUDk36SAEdhvxWa9P593l

Score

10^/10

wannacry discovery ransomware worm

Malware Config

Targets

- Target
  
  8abe1f759d1a638ef942f3e9f13d3f8e9e510b7fc85577bf14744bb9b7cf6a7e.exe
- Size
  
  3.6MB
- MD5
  
  35ed1f40991411ba4813bbe5e7ce9e5e
- SHA1
  
  5e9bb5d2c76af1a1770c8f9c92b9b183c8318278
- SHA256
  
  8abe1f759d1a638ef942f3e9f13d3f8e9e510b7fc85577bf14744bb9b7cf6a7e
- SHA512
  
  2f60ff97a76ba1fb45bec3333deed7e3244697dbe75c9ddca4f6e6702f63cc8d16e5f9901bf0dd3fb7ece554dcf0632109a6e726a9d858c9b3d4be4007dc2f35
- SSDEEP
  
  49152:2nAQqMSPbcBVQej1NRx+TSqTdX1HkQo6SAARdhnvxJM0H9PAMEcaEau3l:yDqPoBhzRxcSUDk36SAEdhvxWa9P593l
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Wannacry family
  wannacry
- Contacts a large (2486) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm